Vulnerability

CVE-2024-55551

 Report advisory or correction

CVSS Score 9.2 critical

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-471

References

https://gist.github.com/azraelxuemo/9565ec9219e0c3e9afd5474904c39d0f
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-55551

[CVE-2024-55551] CWE-471: Modification of Assumed-Immutable Data (MAID)

Description

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.

See com.exasol/exasol-jdbc package information